Huawei AppGallery vulnerability allows anyone to download paid app or game for free
Recently, security researchers have disclosed a vulnerability in the Huawei AppGallery, which mainly affects developers. Through this vulnerability, anyone can bypass Huawei’s account system and payment system and directly download applications or games that would otherwise require payment. The researchers have notified Huawei of the vulnerability, but it has not yet been fixed, and it is not known when Huawei is going to fix the vulnerability.
It should be emphasized that Huawei also provides a DRM SDK protection mechanism, but the premise is that the developer has already used this SDK, otherwise a paid app without DRM protection could be freely distributed to others after only a single purchase. If the DRM SDK is used, even if the installation package is obtained, it cannot be used normally. During testing, the researchers found that some games were blocked using this SDK.